Lucene search
K

55 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-15373

A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS0.00256EPSS
Exploits0References5
CVE
CVE
added 2 days ago9 views

CVE-2026-15373

CVE-2026-15373 affects Eleveo Call Recording Software 9.7.0. The vulnerability lies in an unknown function of the file /callrec/userAddAction.do, where manipulating the argument role enables improper authorization. It can be started remotely, and the exploit is public. Vendor response was not pro...

6.5CVSS6.5AI score0.00256EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-15188

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS0.00209EPSS
Exploits0References6
CVE
CVE
added 3 days ago7 views

CVE-2026-15188

The CVE affects manjurulhoque django-job-portal (up to commit dfa352f305bba44445ac5dc12e9b2a98c9dcd71f). The vulnerability resides in EditEmployeeProfileAPIView (accounts/api/views.py) of the Employee Dashboard Endpoint, where manipulating the role argument leads to improper access controls. An a...

6.5CVSS5.6AI score0.00209EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42606

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added last week10 views

CVE-2026-14719

A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...

7.5CVSS6.7AI score0.00288EPSS
Exploits0References6Affected Software1
CVE
CVE
added last week16 views

CVE-2026-14719

CVE-2026-14719 describes a privilege-management flaw in SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerable component is the register.php file of the Registration Endpoint. An attacker can manipulate the role parameter to achieve improper privilege management, and th...

7.5CVSS6.7AI score0.00288EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.10 views

PT-2026-55773

Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An issue exists in the Registration Endpoint within the register.php file. A remote attacker can manipulate the role argument to cause improper privilege...

7.5CVSS7.1AI score0.00288EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/01 1:28 p.m.35 views

CVE-2026-5136 Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS0.00297EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-13568

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS0.00278EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 12:45 p.m.8 views

EUVD-2026-40088

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 12:45 p.m.25 views

CVE-2026-13568

Affected product: SourceCodester Inventory Management System 1.0. Vulnerability: In the User Registration Endpoint, the /api/users_handler.php component mishandles the role argument, enabling improper access controls. This enables remote exploitation. Impact details (as stated): Remote exploitati...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-11519

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

6.5CVSS5AI score0.00261EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 1:45 p.m.8 views

CVE-2026-11519

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

6.5CVSS6.1AI score0.00261EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.5AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.13 views

CVE-2026-10167

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

7.5CVSS5.5AI score0.00409EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/31 3:30 a.m.17 views

EUVD-2026-33487

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

7.5CVSS5.5AI score0.00409EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/31 3:30 a.m.12 views

CVE-2026-10167

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

7.5CVSS6.8AI score0.00409EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.19 views

PT-2026-45170

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign auth cookie of the file application/controllers/Login.php of the component MY Controller. Executing a manipulation of the...

7.5CVSS6.8AI score0.00409EPSS
Exploits0References5
CVE
CVE
added 2026/05/25 12:15 a.m.27 views

CVE-2026-9409

Sushmi-pal Invoice-System contains a flaw in the User Management Handler, affecting an unknown portion of the /user file. Manipulation of the role argument allows improper authorization, enabling a remote attack. The exploit has been published, and the product uses a rolling release with no versi...

5.3CVSS5.4AI score0.00198EPSS
Exploits0References4
Rows per page
Query Builder